Vitor Pamplona on Nostr:
So, if the user rotates 30 times, do Clients need to require users to sign with 30 private keys (so that I can decrypt the old messages) and then proceed to download data from those 30 users at the same time to build the interface?
Also, historical events cannot be trusted when the key rotates. There is always a reason for the rotation and all of them mean that the key cannot be trusted anymore. Merging them together, you might be merging events signed by an attacker that found the key years later. Remember, anyone can write in the past.
I don't know... you said my idea will be hard to implement and scale, but yours is even harder. They now need to use your server and a client to play with Nostr. And the client needs to do a lot of the merging itself. Mine is just, give up the old, move to the new and never trust the old one ever again.